Cyberattacks Surge Across Gulf as Geopolitical Conflict Spills into Digital Infrastructure
Over 100 cyber incidents targeting critical infrastructure in the Middle East were recorded within 72 hours, signaling a sharp escalation in digital warfare amid rising tensions between the US, Israel, and Iran. The attacks, which began in late February following coordinated US-Israeli strikes on Iranian military sites, have disrupted financial institutions, telecommunications, aviation, and government systems across the Gulf.
Cybersecurity firm CloudSEK reported that more than 60 hacker collectives mobilized rapidly, leveraging low-cost tools such as DDoS attack kits available for as little as $100 to overwhelm targets. Stolen corporate credentials, sold for under $10 on dark web markets, further lowered the barrier for attackers. Among the entities hit were Saudi Arabia’s Riyadh Bank and Al Rajhi Bank, Kuwait International Airport, Bahrain’s Batelco, UAE telecom operator du, and multiple GCC government ministries.
While most attacks have been unsophisticated, experts warn of broader economic risks. Cyber incidents in the Middle East carry an average cost of $8 million nearly double the global average due to the region’s heavy reliance on digitized energy, aviation, and financial systems. Even brief outages, such as those reported by Abu Dhabi Commercial Bank and First Abu Dhabi Bank, can disrupt millions in transactions.
Iran-aligned hacktivist groups, including Handala, DieNet, and Ghost Princess, have claimed responsibility for many attacks, often prioritizing visibility over sustained disruption. However, the long-term threat persists as stolen data circulates in underground markets, enabling repeated intrusions.
The surge underscores how cyber warfare has become a core component of modern conflict. Past incidents, like the Stuxnet attack on Iran’s nuclear program and Russia’s cyber campaigns in Ukraine, demonstrate the potential for digital attacks to cause widespread economic damage. With Gulf economies increasingly digitized, cyber resilience is now a critical national security priority.
Batelco by Beyon cybersecurity rating report: https://www.rankiteo.com/company/batelco
alrajhi bank cybersecurity rating report: https://www.rankiteo.com/company/alrajhibank
Abu Dhabi Ports cybersecurity rating report: https://www.rankiteo.com/company/abu-dhabi-ports
"id": "BATALRABU1777926903",
"linkid": "batelco, alrajhibank, abu-dhabi-ports",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'Banking',
'location': 'Saudi Arabia',
'name': 'Riyadh Bank',
'type': 'Financial Institution'},
{'industry': 'Banking',
'location': 'Saudi Arabia',
'name': 'Al Rajhi Bank',
'type': 'Financial Institution'},
{'industry': 'Aviation',
'location': 'Kuwait',
'name': 'Kuwait International Airport',
'type': 'Airport'},
{'industry': 'Telecom',
'location': 'Bahrain',
'name': 'Batelco',
'type': 'Telecommunications'},
{'industry': 'Telecom',
'location': 'UAE',
'name': 'du',
'type': 'Telecommunications'},
{'industry': 'Banking',
'location': 'UAE',
'name': 'Abu Dhabi Commercial Bank',
'type': 'Financial Institution'},
{'industry': 'Banking',
'location': 'UAE',
'name': 'First Abu Dhabi Bank',
'type': 'Financial Institution'},
{'industry': 'Public Sector',
'location': 'Gulf Cooperation Council',
'name': 'GCC government ministries',
'type': 'Government'}],
'attack_vector': ['Stolen credentials', 'DDoS attack kits'],
'data_breach': {'data_exfiltration': True,
'type_of_data_compromised': 'Stolen corporate credentials'},
'date_detected': 'late February',
'description': 'Over 100 cyber incidents targeting critical infrastructure in '
'the Middle East were recorded within 72 hours, signaling a '
'sharp escalation in digital warfare amid rising tensions '
'between the US, Israel, and Iran. The attacks disrupted '
'financial institutions, telecommunications, aviation, and '
'government systems across the Gulf. Iran-aligned hacktivist '
'groups claimed responsibility, leveraging low-cost tools and '
'stolen credentials to overwhelm targets.',
'impact': {'data_compromised': True,
'downtime': True,
'financial_loss': '$8 million (average cost per incident in the '
'Middle East)',
'operational_impact': 'Disrupted millions in transactions',
'systems_affected': ['Financial institutions',
'Telecommunications',
'Aviation',
'Government systems']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'entry_point': 'Stolen corporate credentials'},
'lessons_learned': 'Cyber warfare has become a core component of modern '
'conflict, and cyber resilience is now a critical national '
'security priority for digitized economies.',
'motivation': 'Geopolitical conflict',
'post_incident_analysis': {'root_causes': 'Geopolitical tensions, low-cost '
'attack tools, and availability of '
'stolen credentials on dark web '
'markets'},
'references': [{'source': 'CloudSEK'}],
'response': {'third_party_assistance': 'CloudSEK (cybersecurity firm)'},
'threat_actor': ['Handala', 'DieNet', 'Ghost Princess'],
'title': 'Cyberattacks Surge Across Gulf as Geopolitical Conflict Spills into '
'Digital Infrastructure',
'type': ['DDoS', 'Data Breach']}